What can you do to avoid becoming a victim of cryptocurrency mining malware?

Cryptocurrency mining is becoming more commonplace and as the general public becomes more aware of the 
possibilities therein, so too do bad actors willing to access the computing resources of unwitting individuals to 
get a slice of the pie. 


https://www.siliconrepublic.com/enterprise/cryptocurrency-malware-monero-secureworks 


3/8/2018 


The rising trend of cryptocurrency mining malware: What you should know 


Secureworks provides a myriad of cybersecurity services to thousands of companies around the world, including 
Fortune 500 clients, and today (7 March) it released an extensive report examining the burgeoning threat of 
cryptocurrency mining malware. The company has seen significant increases in clients reporting incidents 
involving this type of malware.

More than just a nuisance 

In comparison to complete loss of availability caused by ransomware and loss of confidentiality caused by 
banking trojans or other information stealers, the impact of unauthorised cryptocurrency mining could be seen as 
merely a nuisance, but that is not really the case. 

Secureworks notes the “cumulative effect of large-scale unauthorised cryptocurrency mining in an enterprise 
environment can be significant as it consumes computational resources and forces business-critical assets to 
slow down or stop functioning effectively”. 

The deployment of such malware also reflects a breakdown of effective technical controls. Put simply, if attacks 
like this can become established and spread laterally within the environment, it’s likely more serious threats 
could do the same. 

Cryptocurrencies growing in popularity 

As of December 2017, there were approximately 1,370 cryptocurrencies available online, coinciding with the 
boost in popularity and volatility of popular offerings like Bitcoin and Monero. 

Mining cryptocurrencies is more profitable when computing power is aggregated, with the rewards then split 
among contributors. Pools are not required to disclose the number of miners within them, which makes the 
number of active miners and mining apps difficult to estimate.

Cryptocurrency historically attractive to criminals 

Cryptocurrency is attractive to financially motivated threat actors as the decentralised nature of many of the 
offerings makes things difficult in terms of legal investigations. The promotion of anonymity as a USP of many 
cryptocurrencies is another key factor. 

If a cyber-criminal controls an affected system, mining can be done cost-free as the hardware and energy costs 
are outsourced. Combining cryptocurrency mining malware with information stealers can also provide additional 
revenue streams. 

Bitcoin mining as a criminal activity was first reported in 2011, and those employing these techniques have 
grown more sophisticated in their execution. The Apache Struts vulnerability used to compromise Equifax in 
2017 was the key to the Zealot multi-platform campaign that mined Monero cryptocurrency, and the same 
exploit used in the WannaCry attack was used to deliver the Adylkuzz mining malware in that same year.

The combination of SMBv1 exploits and the Mimikatz credential-theft tool used by the NotPetya malware in 
June 2017 has been used to distribute Monero mining software. 

There are also a number of miners across multiple platforms, with threat actors deploying them wherever they can get 
the highest return, from Linux to Windows and even mobile operating systems.

Monero is the currency of choice 

Browser-based mining software such as Coinhive allows website owners to legitimately monetise web traffic, but 
the software can just as easily be used by bad actors who exploit vulnerable websites.

Monero seems to be the most popular option to mine, as most threat actors believe it provides the best return on 
investment and is more suitable for machines with less computational power, making it easier to exploit a large 
number of corporate computing assets. 

Underground forums offer obfuscation, malware builders, and botnet access to hide illegitimate mining. 

What is the impact? 

The impact on an individual host is the consumption of processing power; Secureworks clients have noted surges 
in the use of computing resources and effects on business-critical servers. This impact is amplified in large-scale 
infections.

It is especially nefarious as people may not notice cryptocurrency mining as quickly because it does not require 
capitulation, its impact is less immediate or visible, and miners do not render data and systems unavailable. 

These factors may make mining more profitable than deploying ransomware. 

A high return on investment 

Mike McLellan, author of the report and senior security researcher at Secureworks, told Siliconrepublic.com: 
“The use of cryptocurrency mining malware will continue to rise as long as it offers a high return on investment 
for threat actors. 

“If an initial malware infection can deliver and spread cryptocurrency miners within an environment without 
being detected, then that same access vector could be manipulated to deliver a wide range of other threats, such 
as banking trojans or ransomware.” 

McLellan added that Secureworks is seeing some threat actors removing the vulnerabilities that are used to 
gain initial access to hosts, meaning that no one else can gain access in the same way.

What can you do? 

McLellan offered the following tips: “When it comes to mitigating the threat of cryptocurrency mining malware, 
organisations need to ensure that appropriate preventative, detective and responsive controls and procedures are 
in place. 

“This includes implementing two-factor authentication and web application firewalls or web content filtering, 
plus managing user account privileges, and disabling access to unused ports and services. 

“Having the right endpoint security technology and implementing and/or updating antivirus software is also 
critical in order to detect cryptocurrency mining malware.” 

Finally, organisations need to practise incident response and ensure that the right backup regimes are in place in 
the event that they are infected with cryptocurrency mining malware. 

By employing these steps, people and businesses can also protect themselves against other dangers, McLellan 
concluded: “These mitigations for installation, persistence, and lateral movement techniques associated with 
cryptocurrency malware are also effective against commodity and targeted threats.” 




Ellen Tannam is a writer covering all manner of business and tech subjects 